<?php
	require 'login.php';

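// Handle submission of the "Inserisci" form: store the new post and bump the
// thread's counters. $error is 0 only when every step succeeded and 1
// otherwise; the page body below reads it together with $thread.
//
// NOTE(review): the ext/mysql functions used throughout this file were removed
// in PHP 7. The durable fix is mysqli or PDO with prepared statements; the
// checks below harden the existing calls without changing the DB layer.
// NOTE(review): no anti-CSRF token is verified on this POST. Adding one needs
// a matching hidden field in the form, so it is not done here.
if (isset($_POST['Inserisci'])) {
	$error = 1;
	$thread = 0;

	// Only a logged-in user may post. The form is hidden from anonymous
	// visitors, but a hand-built POST request never sees the form.
	if (isset($_SESSION['Utente'], $_POST['thread'], $_POST['Corpo'])) {
		// The id is interpolated unquoted into SQL, so force it to an integer.
		$thread = (int) cleanNumber($_POST['thread']);
		// NOTE(review): $corpo goes into a quoted SQL literal as returned by
		// cleanString(); confirm that helper produces SQL-safe output, or
		// escape here instead.
		$corpo = cleanString($_POST['Corpo'], 2000, '');
		// The session value is a user-chosen name: escape it for the SQL literal.
		$autore = mysql_real_escape_string($_SESSION['Utente']);

		// Enforce the "thread must be open" rule on the server as well; the
		// form page checks Stato only to decide whether to display the form.
		$stato = ($thread > 0) ? mysql_query("SELECT Stato FROM Threads WHERE Id = ".$thread) : false;
		$stato = $stato ? mysql_fetch_assoc($stato) : false;

		if ($stato && $stato['Stato'] == 'Aperto') {
			$qry = "INSERT INTO Posts (Corpo, Autore, Thread) values ('$corpo', '".$autore."', ".$thread.")";
			if (mysql_query($qry)) {
				// Read back the DB-assigned timestamp of the row just inserted.
				$check = mysql_query("SELECT Data FROM Posts WHERE Id = LAST_INSERT_ID()");
				$data = $check ? mysql_fetch_assoc($check) : false;
				if ($data) {
					$qry = "UPDATE Threads SET UltimoPost = '".$data['Data']."', NumeroPost = NumeroPost+1 WHERE Id = ".$thread;
					if (mysql_query($qry)) {
						$error = 0;
					}
				}
			}
		}
	}
}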
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <?php
            // Pull in the shared page helpers, then emit the document <head>.
            // NOTE(review): generaHead() is presumably defined in generico.php; confirm.
            include 'generico.php';

            generaHead();
	?>
    <body>
        <div id="container">
        <?php
			
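            // Page body: shows the "new post" form for ?t=<thread id>, or the
            // outcome of a submission for ?ok=1.
            generaHeader();
            generaMenusx();
            generaMenuLogin();
            echo '<div id="Content">';
            if (isset($_SESSION['Utente'])) {
                if (isset($_GET['t'])) {
                    // The id is used unquoted in SQL and echoed into the form,
                    // so reduce it to an integer before either use.
                    $threadId = (int) cleanSimpleString($_GET['t'], 30);
                    $risultato = mysql_query("SELECT Titolo, Stato FROM Threads WHERE Id = ".$threadId);
                    // A failed query or unknown id leaves $thread false and
                    // falls through to the "closed thread" message.
                    $thread = $risultato ? mysql_fetch_assoc($risultato) : false;
                    if ($thread && $thread['Stato'] == 'Aperto') {
                        // PHP_SELF carries any client-supplied path info and the
                        // title is user-authored: both are HTML-escaped on output.
                        // NOTE(review): htmlspecialchars() uses the configured
                        // default charset; confirm it matches the page encoding,
                        // and that titles are not stored already entity-encoded.
                        $azione = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."?ok=1";
                        $titolo = htmlspecialchars($thread['Titolo'], ENT_QUOTES);
                        echo "
                    <form name=\"Invia\" method=\"post\" action=\"".$azione."\">
                    <fieldset><legend>Nuovo Post</legend>
                        <p class=\"titolo\">Inserisci un nuovo post nel thread <h3>".$titolo."</h3></p>
                        <input type=\"hidden\" value=\"".$threadId."\" name=\"thread\">
                        <div>
                        <label for=\"Corpo\">Post</label>
                        <textarea rows=20 cols=40 class=\"Corpo\" id=\"Corpo\" name=\"Corpo\"></textarea>
                        </div>
                    </fieldset>
                    <div >
                    <p id=\"go\">
                    <input type=\"submit\" value=\"Inserisci\" name=\"Inserisci\" id=\"Inserisci\">
                    </p>
                    </div>
                    </form>

                ";
                    } else {
                        echo '<p class="red">Non puoi inserire post in thread chiusi!</p>';
                    }
                } elseif (isset($_GET['ok']) && $_GET['ok']) {
                    // $error and $thread are set by the POST handler at the top
                    // of the file. Report success only when a submission was
                    // processed and succeeded; a bare GET of ?ok=1 or a failed
                    // insert must not claim that a post was stored.
                    if (isset($error, $thread) && $error === 0) {
                        $threadId = (int) $thread;
                        $nome = mysql_query("SELECT Titolo FROM Threads WHERE Id = ".$threadId);
                        $nome = $nome ? mysql_fetch_assoc($nome) : false;
                        $titolo = $nome ? htmlspecialchars($nome['Titolo'], ENT_QUOTES) : '';

                        echo "<p>Post inserito</p><p><a href=\"thread.php?t=$threadId\"> Torna a ".$titolo."</a></p>";
                    } else {
                        echo '<p class="red">Post non inserito</p>';
                    }
                } else {
                    echo "<p>Non sei all'interno di nessun tread</p>";
                }
            } else {
                echo '<p>Devi effettuare il login per poter creare un nuovo thread</p>';
            }

            echo '</div>';

            generaFooter();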
        ?>
        </div>
    </body>
</html>

